WebSummit: Subdomain Takeover at http://gameday.websummit.net

2016-12-21T13:10:21
ID H1:193056
Type hackerone
Reporter filedeletor1
Modified 2017-01-30T12:54:53

Description

As i said in the title i found a subdomain takeover vulnerability on the url http://gameday.websummit.net The url was trying to find a bucket that didn't exist from a probably forgotten dns entry that was at gameday.websummit.net.s3-website-eu-west-1.amazonaws.com

So i created a bucket with the specified name and uploaded a poc. POC in the pictures

For more infos please ask...